refactor: Align Epic 0 & Epic 1 with true microservices architecture

Refactor core kernel and infrastructure to support true microservices
architecture where services are independently deployable.

Phase 1: Core Kernel Cleanup
- Remove database provider from CoreModule (services create their own)
- Update ProvideHealthRegistry to not depend on database
- Add schema support to database client (NewClientWithSchema)
- Update main entry point to remove database dependency
- Core kernel now provides only: config, logger, error bus, health, metrics, tracer, service registry

Phase 2: Service Registry Implementation
- Create ServiceRegistry interface (pkg/registry/registry.go)
- Implement Consul registry (internal/registry/consul/consul.go)
- Add Consul dependency (github.com/hashicorp/consul/api)
- Add registry configuration to config/default.yaml
- Add ProvideServiceRegistry() to DI container

Phase 3: Service Client Interfaces
- Create service client interfaces:
  - pkg/services/auth.go - AuthServiceClient
  - pkg/services/identity.go - IdentityServiceClient
  - pkg/services/authz.go - AuthzServiceClient
  - pkg/services/audit.go - AuditServiceClient
- Create ServiceClientFactory (internal/client/factory.go)
- Create stub gRPC client implementations (internal/client/grpc/)
- Add ProvideServiceClientFactory() to DI container

Phase 4: gRPC Service Definitions
- Create proto files for all core services:
  - api/proto/auth.proto
  - api/proto/identity.proto
  - api/proto/authz.proto
  - api/proto/audit.proto
- Add generate-proto target to Makefile

Phase 5: API Gateway Implementation
- Create API Gateway service entry point (cmd/api-gateway/main.go)
- Create Gateway implementation (services/gateway/gateway.go)
- Add gateway configuration to config/default.yaml
- Gateway registers with Consul and routes requests to backend services

All code compiles successfully. Core services (Auth, Identity, Authz, Audit)
will be implemented in Epic 2 using these foundations.

internal/client/factory.go

@@ -0,0 +1,51 @@
+// Package client provides service client factory for creating service clients.
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"git.dcentral.systems/toolz/goplt/internal/client/grpc"
+	"git.dcentral.systems/toolz/goplt/pkg/registry"
+	"git.dcentral.systems/toolz/goplt/pkg/services"
+)
+
+// ServiceClientFactory creates service clients for inter-service communication.
+type ServiceClientFactory struct {
+	registry registry.ServiceRegistry
+}
+
+// NewServiceClientFactory creates a new service client factory.
+func NewServiceClientFactory(reg registry.ServiceRegistry) *ServiceClientFactory {
+	return &ServiceClientFactory{
+		registry: reg,
+	}
+}
+
+// GetAuthClient returns an AuthServiceClient.
+func (f *ServiceClientFactory) GetAuthClient() (services.AuthServiceClient, error) {
+	return grpc.NewAuthClient(f.registry)
+}
+
+// GetIdentityClient returns an IdentityServiceClient.
+func (f *ServiceClientFactory) GetIdentityClient() (services.IdentityServiceClient, error) {
+	return grpc.NewIdentityClient(f.registry)
+}
+
+// GetAuthzClient returns an AuthzServiceClient.
+func (f *ServiceClientFactory) GetAuthzClient() (services.AuthzServiceClient, error) {
+	return grpc.NewAuthzClient(f.registry)
+}
+
+// GetAuditClient returns an AuditServiceClient.
+func (f *ServiceClientFactory) GetAuditClient() (services.AuditServiceClient, error) {
+	return grpc.NewAuditClient(f.registry)
+}
+
+// DiscoverService discovers service instances for a given service name.
+func (f *ServiceClientFactory) DiscoverService(ctx context.Context, serviceName string) ([]*registry.ServiceInstance, error) {
+	if f.registry == nil {
+		return nil, fmt.Errorf("service registry is not available")
+	}
+	return f.registry.Discover(ctx, serviceName)
+}

internal/client/grpc/audit_client.go

@@ -0,0 +1,33 @@
+// Package grpc provides gRPC client implementations for service clients.
+package grpc
+
+import (
+	"context"
+	"fmt"
+
+	"git.dcentral.systems/toolz/goplt/pkg/registry"
+	"git.dcentral.systems/toolz/goplt/pkg/services"
+)
+
+// AuditClient implements AuditServiceClient using gRPC.
+// This is a stub implementation - will be fully implemented when proto files are generated in Phase 4.
+type AuditClient struct {
+	registry registry.ServiceRegistry
+}
+
+// NewAuditClient creates a new gRPC client for the Audit Service.
+func NewAuditClient(reg registry.ServiceRegistry) (services.AuditServiceClient, error) {
+	return &AuditClient{
+		registry: reg,
+	}, nil
+}
+
+// Record records an audit log entry.
+func (c *AuditClient) Record(ctx context.Context, entry *services.AuditLogEntry) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// Query queries audit logs based on filters.
+func (c *AuditClient) Query(ctx context.Context, filters *services.AuditLogFilters) ([]services.AuditLogEntry, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}

internal/client/grpc/auth_client.go

@@ -0,0 +1,75 @@
+// Package grpc provides gRPC client implementations for service clients.
+package grpc
+
+import (
+	"context"
+	"fmt"
+
+	"git.dcentral.systems/toolz/goplt/pkg/registry"
+	"git.dcentral.systems/toolz/goplt/pkg/services"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+// AuthClient implements AuthServiceClient using gRPC.
+// This is a stub implementation - will be fully implemented when proto files are generated in Phase 4.
+type AuthClient struct {
+	registry registry.ServiceRegistry
+	// conn will be set when proto files are available
+	// conn *grpc.ClientConn
+}
+
+// NewAuthClient creates a new gRPC client for the Auth Service.
+func NewAuthClient(reg registry.ServiceRegistry) (services.AuthServiceClient, error) {
+	return &AuthClient{
+		registry: reg,
+	}, nil
+}
+
+// Login authenticates a user and returns access and refresh tokens.
+func (c *AuthClient) Login(ctx context.Context, email, password string) (*services.TokenResponse, error) {
+	// TODO: Implement when proto files are generated
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// RefreshToken refreshes an access token using a refresh token.
+func (c *AuthClient) RefreshToken(ctx context.Context, refreshToken string) (*services.TokenResponse, error) {
+	// TODO: Implement when proto files are generated
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// ValidateToken validates a JWT token and returns the token claims.
+func (c *AuthClient) ValidateToken(ctx context.Context, token string) (*services.TokenClaims, error) {
+	// TODO: Implement when proto files are generated
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// Logout invalidates a refresh token.
+func (c *AuthClient) Logout(ctx context.Context, refreshToken string) error {
+	// TODO: Implement when proto files are generated
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// connectToService discovers and connects to a service instance.
+func connectToService(ctx context.Context, reg registry.ServiceRegistry, serviceName string) (*grpc.ClientConn, error) {
+	instances, err := reg.Discover(ctx, serviceName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to discover service %s: %w", serviceName, err)
+	}
+
+	if len(instances) == 0 {
+		return nil, fmt.Errorf("no instances found for service %s", serviceName)
+	}
+
+	// Use the first healthy instance (load balancing can be added later)
+	instance := instances[0]
+	address := fmt.Sprintf("%s:%d", instance.Address, instance.Port)
+
+	// Create gRPC connection
+	conn, err := grpc.NewClient(address, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to %s at %s: %w", serviceName, address, err)
+	}
+
+	return conn, nil
+}

internal/client/grpc/authz_client.go

@@ -0,0 +1,43 @@
+// Package grpc provides gRPC client implementations for service clients.
+package grpc
+
+import (
+	"context"
+	"fmt"
+
+	"git.dcentral.systems/toolz/goplt/pkg/registry"
+	"git.dcentral.systems/toolz/goplt/pkg/services"
+)
+
+// AuthzClient implements AuthzServiceClient using gRPC.
+// This is a stub implementation - will be fully implemented when proto files are generated in Phase 4.
+type AuthzClient struct {
+	registry registry.ServiceRegistry
+}
+
+// NewAuthzClient creates a new gRPC client for the Authz Service.
+func NewAuthzClient(reg registry.ServiceRegistry) (services.AuthzServiceClient, error) {
+	return &AuthzClient{
+		registry: reg,
+	}, nil
+}
+
+// Authorize checks if a user has a specific permission and returns an error if not.
+func (c *AuthzClient) Authorize(ctx context.Context, userID, permission string) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// HasPermission checks if a user has a specific permission.
+func (c *AuthzClient) HasPermission(ctx context.Context, userID, permission string) (bool, error) {
+	return false, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// GetUserPermissions returns all permissions for a user.
+func (c *AuthzClient) GetUserPermissions(ctx context.Context, userID string) ([]services.Permission, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// GetUserRoles returns all roles for a user.
+func (c *AuthzClient) GetUserRoles(ctx context.Context, userID string) ([]services.Role, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}

internal/client/grpc/identity_client.go

@@ -0,0 +1,63 @@
+// Package grpc provides gRPC client implementations for service clients.
+package grpc
+
+import (
+	"context"
+	"fmt"
+
+	"git.dcentral.systems/toolz/goplt/pkg/registry"
+	"git.dcentral.systems/toolz/goplt/pkg/services"
+)
+
+// IdentityClient implements IdentityServiceClient using gRPC.
+// This is a stub implementation - will be fully implemented when proto files are generated in Phase 4.
+type IdentityClient struct {
+	registry registry.ServiceRegistry
+}
+
+// NewIdentityClient creates a new gRPC client for the Identity Service.
+func NewIdentityClient(reg registry.ServiceRegistry) (services.IdentityServiceClient, error) {
+	return &IdentityClient{
+		registry: reg,
+	}, nil
+}
+
+// GetUser retrieves a user by ID.
+func (c *IdentityClient) GetUser(ctx context.Context, id string) (*services.User, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// GetUserByEmail retrieves a user by email address.
+func (c *IdentityClient) GetUserByEmail(ctx context.Context, email string) (*services.User, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// CreateUser creates a new user.
+func (c *IdentityClient) CreateUser(ctx context.Context, user *services.CreateUserRequest) (*services.User, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// UpdateUser updates an existing user.
+func (c *IdentityClient) UpdateUser(ctx context.Context, id string, user *services.UpdateUserRequest) (*services.User, error) {
+	return nil, fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// DeleteUser deletes a user.
+func (c *IdentityClient) DeleteUser(ctx context.Context, id string) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// VerifyEmail verifies a user's email address using a verification token.
+func (c *IdentityClient) VerifyEmail(ctx context.Context, token string) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// RequestPasswordReset requests a password reset token.
+func (c *IdentityClient) RequestPasswordReset(ctx context.Context, email string) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}
+
+// ResetPassword resets a user's password using a reset token.
+func (c *IdentityClient) ResetPassword(ctx context.Context, token, newPassword string) error {
+	return fmt.Errorf("not implemented: proto files not yet generated")
+}